Blocking extensions inside of zip files

Tristan Rhodes tristanr at CI.GRANDJCT.CO.US
Mon Jan 26 23:57:01 GMT 2004


At work we use another antivirus solution (not my decision), and we have been manually adding the infected .zip files to our blocked attachment list.  We don't want to block all .zip files, and the virus definitions haven't been updated yet (or we haven't downloaded them yet.  Again not my decision).  So this is our best solution, blocking by filename.

file.zip
document.zip
body.zip
* more may be added as we see them

Here is an idea for discussion... How about a filename check inside of zip files?  Similar to the current filename checks, only it also looks inside .zip files to a certain depth of directories (or zip files).  If the .zip file continues too deep, then block the attachment.  Of course, if the virus scanners are currently used to expand zip files, then it would not make sense for MailScanner to do this.

Tristan Rhodes

>> Is there a way to use the filenames.rules.conf file on zipped files?
>> E.g. block a zipped .pif or .exe attachment, rather than blocking all
>> .zip attachments?
>>
>No, I think this has been discussed before and is much more difficult /
>unpredictable than might be thought.
>business.
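
The depth-limited filename check proposed in the message above, sketched as an added example (not part of the original post and not MailScanner code). The deny pattern, `MAX_DEPTH`, the size cap, the fail-closed policy and the function names are assumptions; the sample archives are constructed in memory.

```python
import io
import re
import zipfile

# Assumed values for illustration; not MailScanner configuration syntax.
DENY = re.compile(r"\.(pif|exe|scr|com|bat)$", re.IGNORECASE)
MAX_DEPTH = 2                        # nested archives allowed below the attachment
MAX_NESTED_BYTES = 10 * 1024 * 1024  # largest nested archive we will expand

def check_zip(data, depth=0, path=""):
    """Return ("allow" | "block", reason) for the bytes of one zip attachment."""
    where = path or "<attachment>"
    if depth > MAX_DEPTH:
        return "block", f"nesting deeper than {MAX_DEPTH} at {where}"
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return "block", f"unreadable archive at {where}"  # fail closed (assumed policy)
    with zf:
        for info in zf.infolist():
            name = f"{path}/{info.filename}" if path else info.filename
            if DENY.search(info.filename):
                return "block", f"denied filename {name}"
            if not info.filename.lower().endswith(".zip"):
                continue
            # Member names are normally readable even when contents are encrypted,
            # but an encrypted nested archive cannot be inspected, so block it.
            if info.flag_bits & 0x1:
                return "block", f"encrypted nested archive {name}"
            if info.file_size > MAX_NESTED_BYTES:
                return "block", f"nested archive too large {name}"
            verdict, reason = check_zip(zf.read(info), depth + 1, name)
            if verdict == "block":
                return verdict, reason
    return "allow", "no denied filenames"

def make_zip(members):
    """Build a constructed sample archive in memory from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()

if __name__ == "__main__":
    inner = make_zip({"photo.jpg.pif": b"constructed sample"})
    print(check_zip(make_zip({"readme.txt": b"hello", "inner.zip": inner})))
```

The check only reads member names from each archive's directory; it complements a virus scanner that expands archives and does not replace one.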



